linux/security/selinux/include/initial_sid_to_string.h
Masahiro Yamada 541b57e313 selinux: do not include <linux/*.h> headers from host programs
The header, security/selinux/include/classmap.h, is included not only
from kernel space but also from host programs.

It includes <linux/capability.h> and <linux/socket.h>, which pull in
more <linux/*.h> headers. This makes the host programs less portable,
specifically causing build errors on macOS.

Those headers are included for the following purposes:

 - <linux/capability.h> for checking CAP_LAST_CAP
 - <linux/socket.h> for checking PF_MAX

These checks can be guarded by __KERNEL__ so they are skipped when
building host programs. Testing them when building the kernel should
be sufficient.

The header, security/selinux/include/initial_sid_to_string.h, includes
<linux/stddef.h> for the NULL definition, but this is not portable
either. Instead, <stddef.h> should be included for host programs.

Reported-by: Daniel Gomez <da.gomez@samsung.com>
Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-6-4cd1ded85694@samsung.com/
Closes: https://lore.kernel.org/lkml/20240807-macos-build-support-v1-7-4cd1ded85694@samsung.com/
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-10-03 15:34:24 -04:00

39 lines
1.1 KiB
C

/* SPDX-License-Identifier: GPL-2.0 */

#ifdef __KERNEL__
#include <linux/stddef.h>
#else
#include <stddef.h>
#endif

static const char *const initial_sid_to_string[] = {
	NULL, /* zero placeholder, not used */
	"kernel", /* kernel / SECINITSID_KERNEL */
	"security", /* security / SECINITSID_SECURITY */
	"unlabeled", /* unlabeled / SECINITSID_UNLABELED */
	NULL, /* fs */
	"file", /* file / SECINITSID_FILE */
	NULL, /* file_labels */
	"init", /* init / SECINITSID_INIT */
	"any_socket", /* any_socket / SECINITSID_ANY_SOCKET */
	"port", /* port / SECINITSID_PORT */
	"netif", /* netif / SECINITSID_NETIF */
	"netmsg", /* netmsg / SECINITSID_NETMSG */
	"node", /* node / SECINITSID_NODE */
	NULL, /* igmp_packet */
	NULL, /* icmp_socket */
	NULL, /* tcp_socket */
	NULL, /* sysctl_modprobe */
	NULL, /* sysctl */
	NULL, /* sysctl_fs */
	NULL, /* sysctl_kernel */
	NULL, /* sysctl_net */
	NULL, /* sysctl_net_unix */
	NULL, /* sysctl_vm */
	NULL, /* sysctl_dev */
	NULL, /* kmod */
	NULL, /* policy */
	NULL, /* scmp_packet */
	"devnull", /* devnull / SECINITSID_DEVNULL */
};
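
A host-side consumer of this table, added here as an example (it is not code from the kernel tree): it builds with only C library headers, derives the SECINITSID_* names shown in the comments above, and skips the NULL slots instead of passing them to strcmp(). The table is copied inline so the file compiles outside the kernel tree; `SID_COUNT`, `sid_from_name` and `sid_macro` are hypothetical names chosen for this example.

```c
#include <ctype.h>
#include <stddef.h>	/* host build: NULL comes from the C library */
#include <stdio.h>
#include <string.h>

/* Copy of the table above, inlined so this example builds stand-alone. */
static const char *const initial_sid_to_string[] = {
	NULL, "kernel", "security", "unlabeled", NULL, "file", NULL, "init",
	"any_socket", "port", "netif", "netmsg", "node",
	NULL, NULL, NULL, NULL, NULL, NULL, NULL,	/* igmp_packet .. sysctl_kernel */
	NULL, NULL, NULL, NULL, NULL, NULL, NULL,	/* sysctl_net .. scmp_packet */
	"devnull",
};
#define SID_COUNT (sizeof(initial_sid_to_string) / sizeof(initial_sid_to_string[0]))

/* Return the SID number for a name, or -1. NULL slots are never dereferenced. */
int sid_from_name(const char *name)
{
	if (!name)
		return -1;
	for (size_t i = 1; i < SID_COUNT; i++)
		if (initial_sid_to_string[i] && !strcmp(initial_sid_to_string[i], name))
			return (int)i;
	return -1;
}

/* Write "SECINITSID_<NAME>" into buf; -1 if the slot is unused, out of range, or buf is too small. */
int sid_macro(size_t sid, char *buf, size_t len)
{
	const char *s = sid < SID_COUNT ? initial_sid_to_string[sid] : NULL;
	int n;

	if (!s)
		return -1;
	n = snprintf(buf, len, "SECINITSID_%s", s);
	if (n < 0 || (size_t)n >= len)
		return -1;
	for (char *p = buf; *p; p++)
		*p = (char)toupper((unsigned char)*p);
	return 0;
}

int main(void)
{
	char buf[64];

	for (size_t i = 0; i < SID_COUNT; i++)
		if (sid_macro(i, buf, sizeof(buf)) == 0)
			printf("#define %-24s %zu\n", buf, i);
	return 0;
}
```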